CVS commit: src/sys

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys
From: "Maxime Villard" <maxv%netbsd.org@localhost>
Date: Wed, 27 Mar 2019 18:27:47 +0000

Module Name:    src
Committed By:   maxv
Date:           Wed Mar 27 18:27:47 UTC 2019

Modified Files:
        src/sys/kern: subr_pool.c
        src/sys/sys: pool.h

Log Message:
Kernel Heap Hardening: detect frees-in-wrong-pool on on-page pools. The
detection is already implicitly done for off-page pools.

We recycle pr_slack (unused) in struct pool, and make ph_node a union in
order to recycle an unsigned int in struct pool_item_header. Each time a
pool is created we atomically increase a global counter, and register the
current value in pp. We then propagate this value in each ph, and ensure
they match in pool_put.

This can catch several classes of kernel bugs and basically makes them
unexploitable. It comes with no increase in memory usage and no measurable
increase in CPU cost (inexistent cost actually, just one check predicted
false).


To generate a diff of this commit:
cvs rdiff -u -r1.244 -r1.245 src/sys/kern/subr_pool.c
cvs rdiff -u -r1.86 -r1.87 src/sys/sys/pool.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/arch
Next by Date: CVS commit: src/share/mk
Previous by Thread: CVS commit: src/sys/arch
Next by Thread: CVS commit: src/share/mk
Indexes:

Home | Main Index | Thread Index | Old Index